SSL-Certificate

Hi there!

So my situation is this: I bought a VPS server from Digital Ocean and set up two seperate domains.
I used the exact same steps for each domains and they are finally working great, so I’m pretty happy! :slight_smile:
Now here comes my problem: When I tried to obtain an SSL certificate for each domain, I could only do it on one of them! The only difference in the domains is that I used a different domain registrar for them.

My two domains are:

  • vvebdevelopment.com (the SSL-certificate working here) // NameCheap domain registrar
  • vvebfejlesztes.hu (not working) // Nethely.hu domain registrar

I ran this command: sudo certbot --apache -d vvebfejlesztes.hu -d www.vvebfejlesztes.hu

It produced this output:
Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for vvebfejlesztes.hu
Waiting for verification…
Cleaning up challenges
Failed authorization procedure. vvebfejlesztes.hu (http-01): urn:ietf:params:acme:error:dns :: No valid IP addresses found for vvebfejlesztes.hu

IMPORTANT NOTES:

  • The following errors were reported by the server:

    Domain: vvebfejlesztes.hu
    Type: None
    Detail: No valid IP addresses found for vvebfejlesztes.hu

My web server is (include version):
Apache/2.4.29

The operating system my web server runs on is (include version):
Ubuntu 18.04

My hosting provider, if applicable, is:
Digital Ocean

I can login to a root shell on my machine (yes or no, or I don’t know):
Yes.

I’m using a control panel to manage my site (no, or provide the name and version of the control panel):
No.

The version of my client is (e.g. output of certbot --version or certbot-auto --version if you’re using Certbot):
0.31.0

Thanks for the suggestions in advance.

1 Like

Hi @William

read your error message. Checking your domain - https://check-your-website.server-daten.de/?q=vvebfejlesztes.hu - there is no valid ip address defined.

Host T IP-Address is auth. ∑ Queries ∑ Timeout
vvebfejlesztes.hu A yes 1 0
AAAA yes
www.vvebfejlesztes.hu A 207.154.213.20 Frankfurt am Main/Hesse/Germany (DE) - DigitalOcean, LLC No Hostname found yes 1 0
AAAA yes

Your www has one, your non-www not. Add the same ip to your non-www.

2 Likes

That’s the thing. I do have it added:

:thinking:

…except the NS records at the bottom of that screen shot say that you’re using Digital Ocean’s DNS, not your registrar’s. What does your DO DNS panel look like?

2 Likes

Ohh sorry. :neutral_face: I didn’t know the NS records are not mandatory to make a DO VPS work.
It has the same setup as for the vvebdevelopment.com one by the way:

Your configuration is terrible.

Read https://check-your-website.server-daten.de/?q=vvebfejlesztes.hu

ns1.nethely.hu is your name server, nothing else.

The www entry is correct. A second entry with an empty hostname is required, that defines your missing non-www A record.

Most other records are wrong. You have created records with vvebfejlesztes.hu.vvebfejlesztes.hu and www.vvebfejlesztes.hu.vvebfejlesztes.hu, because the menu adds your domain name.

2 Likes

Ohh wow! It’s funny how someone can create a mess while the website would still work. :sweat_smile:

This was my first time with web-hosting, so I apologize. I’ll try to fix & clean up the mess then.

Thank you for your guidance @JuergenAuer.

1 Like

NS records ARE mandatory. But like @JuergenAuer said, your registrar is set to use their own name server, not DO’s nameservers. So you’re adding records on DO’s DNS, but your registrar isn’t even looking at them.

2 Likes

I see. I find it quite strange then that while some registrars do allow to use someone elses NS, some doesn’t. Thanks for your response!

It is just me? or does
vvebdevelopment.com
look waaaay too much like:
webdevelopment.com

[zoomed for clarity]
image

2 Likes

Yes. That’s the point! :slightly_smiling_face:
V.V. are the inital letters of my name and I enjoy Web development so I figured the amount of confusion between the ‘vv’ and ‘w’ would be worth it for me in the end. :slight_smile:

1 Like

Does nethely not let you set a custom name server?

Well, I (wrongly) assumed so, because it didn’t let me delete their NS, but I figured it out if I just modify it, then it’s all good, so I’ve already made the change to the DO one. I’m all set. :slight_smile:

2 Likes

I believe all registrars do allow this, though they naturally go about it in different ways.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.